1#!/usr/bin/env bash
2
3# Copyright 2016 The Kubernetes Authors.
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17# This contains util code for testing kubectl.
18
19set -o errexit
20set -o nounset
21set -o pipefail
22
23# Set locale to ensure english responses from kubectl commands
24export LANG=C
25
26KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/../..
27# Expects the following has already been done by whatever sources this script
28# source "${KUBE_ROOT}/hack/lib/init.sh"
29# source "${KUBE_ROOT}/hack/lib/test.sh"
30source "${KUBE_ROOT}/test/cmd/apply.sh"
31source "${KUBE_ROOT}/test/cmd/apps.sh"
32source "${KUBE_ROOT}/test/cmd/auth_whoami.sh"
33source "${KUBE_ROOT}/test/cmd/authentication.sh"
34source "${KUBE_ROOT}/test/cmd/authorization.sh"
35source "${KUBE_ROOT}/test/cmd/batch.sh"
36source "${KUBE_ROOT}/test/cmd/certificate.sh"
37source "${KUBE_ROOT}/test/cmd/convert.sh"
38source "${KUBE_ROOT}/test/cmd/core.sh"
39source "${KUBE_ROOT}/test/cmd/crd.sh"
40source "${KUBE_ROOT}/test/cmd/create.sh"
41source "${KUBE_ROOT}/test/cmd/debug.sh"
42source "${KUBE_ROOT}/test/cmd/delete.sh"
43source "${KUBE_ROOT}/test/cmd/diff.sh"
44source "${KUBE_ROOT}/test/cmd/discovery.sh"
45source "${KUBE_ROOT}/test/cmd/events.sh"
46source "${KUBE_ROOT}/test/cmd/exec.sh"
47source "${KUBE_ROOT}/test/cmd/generic-resources.sh"
48source "${KUBE_ROOT}/test/cmd/get.sh"
49source "${KUBE_ROOT}/test/cmd/help.sh"
50source "${KUBE_ROOT}/test/cmd/kubeconfig.sh"
51source "${KUBE_ROOT}/test/cmd/node-management.sh"
52source "${KUBE_ROOT}/test/cmd/plugins.sh"
53source "${KUBE_ROOT}/test/cmd/proxy.sh"
54source "${KUBE_ROOT}/test/cmd/rbac.sh"
55source "${KUBE_ROOT}/test/cmd/request-timeout.sh"
56source "${KUBE_ROOT}/test/cmd/results.sh"
57source "${KUBE_ROOT}/test/cmd/run.sh"
58source "${KUBE_ROOT}/test/cmd/save-config.sh"
59source "${KUBE_ROOT}/test/cmd/storage.sh"
60source "${KUBE_ROOT}/test/cmd/template-output.sh"
61source "${KUBE_ROOT}/test/cmd/version.sh"
62source "${KUBE_ROOT}/test/cmd/wait.sh"
63
64
65ETCD_HOST=${ETCD_HOST:-127.0.0.1}
66ETCD_PORT=${ETCD_PORT:-2379}
67SECURE_API_PORT=${SECURE_API_PORT:-6443}
68API_HOST=${API_HOST:-127.0.0.1}
69KUBELET_HEALTHZ_PORT=${KUBELET_HEALTHZ_PORT:-10248}
70SECURE_CTLRMGR_PORT=${SECURE_CTLRMGR_PORT:-10257}
71PROXY_HOST=127.0.0.1 # kubectl only serves on localhost.
72
73IMAGE_NGINX="registry.k8s.io/nginx:1.7.9"
74export IMAGE_DEPLOYMENT_R1="registry.k8s.io/nginx:test-cmd" # deployment-revision1.yaml
75export IMAGE_DEPLOYMENT_R2="$IMAGE_NGINX" # deployment-revision2.yaml
76export IMAGE_PERL="registry.k8s.io/perl"
77export IMAGE_PAUSE_V2="registry.k8s.io/pause:2.0"
78export IMAGE_DAEMONSET_R2="registry.k8s.io/pause:latest"
79export IMAGE_DAEMONSET_R2_2="registry.k8s.io/nginx:test-cmd" # rollingupdate-daemonset-rv2.yaml
80export IMAGE_STATEFULSET_R1="registry.k8s.io/nginx-slim:0.7"
81export IMAGE_STATEFULSET_R2="registry.k8s.io/nginx-slim:0.8"
82
83# Expose kubectl directly for readability
84PATH="${THIS_PLATFORM_BIN}":$PATH
85
86# Define variables for resource types to prevent typos.
87clusterroles="clusterroles"
88configmaps="configmaps"
89csr="csr"
90cronjob="cronjobs"
91deployments="deployments"
92namespaces="namespaces"
93nodes="nodes"
94persistentvolumeclaims="persistentvolumeclaims"
95persistentvolumes="persistentvolumes"
96pods="pods"
97podtemplates="podtemplates"
98replicasets="replicasets"
99replicationcontrollers="replicationcontrollers"
100roles="roles"
101secrets="secrets"
102selfsubjectreviews="selfsubjectreviews"
103serviceaccounts="serviceaccounts"
104services="services"
105statefulsets="statefulsets"
106storageclass="storageclass"
107subjectaccessreviews="subjectaccessreviews"
108customresourcedefinitions="customresourcedefinitions"
109daemonsets="daemonsets"
110controllerrevisions="controllerrevisions"
111job="jobs"
112
113# A junit-style XML test report will be generated in the directory specified by KUBE_JUNIT_REPORT_DIR, if set.
114# If KUBE_JUNIT_REPORT_DIR is unset, and ARTIFACTS is set, then use what is set in ARTIFACTS.
115if [[ -z "${KUBE_JUNIT_REPORT_DIR:-}" && -n "${ARTIFACTS:-}" ]]; then
116 export KUBE_JUNIT_REPORT_DIR="${ARTIFACTS}"
117fi
118
119# include shell2junit library
120sh2ju="${KUBE_ROOT}/third_party/forked/shell2junit/sh2ju.sh"
121if [[ -f "${sh2ju}" ]]; then
122 source "${sh2ju}"
123else
124 echo "failed to find third_party/forked/shell2junit/sh2ju.sh"
125 exit 1
126fi
127
128# record_command runs the command and records its output/error messages in junit format
129# it expects the first to be the name of the command
130# Example:
131# record_command run_kubectl_tests
132#
133# WARNING: Variable changes in the command will NOT be effective after record_command returns.
134# This is because the command runs in subshell.
135function record_command() {
136 set +o nounset
137 set +o errexit
138
139 local name="$1"
140 local output="${KUBE_JUNIT_REPORT_DIR:-/tmp/junit-results}"
141 echo "Recording: ${name}"
142 echo "Running command: $*"
143 juLog -output="${output}" -class="test-cmd" -name="${name}" "$@"
144 local exitCode=$?
145 if [[ ${exitCode} -ne 0 ]]; then
146 # Record failures for any non-canary commands
147 if [ "${name}" != "record_command_canary" ]; then
148 echo "Error when running ${name}"
149 foundError="${foundError}""${name}"", "
150 fi
151 elif [ "${name}" == "record_command_canary" ]; then
152 # If the canary command passed, fail
153 echo "record_command_canary succeeded unexpectedly"
154 foundError="${foundError}""${name}"", "
155 fi
156
157 set -o nounset
158 set -o errexit
159}
160
161# Ensure our record_command stack correctly propagates and detects errexit failures in invoked commands - see https://issue.k8s.io/84871
162foundError=""
163function record_command_canary()
164{
165 set -o nounset
166 set -o errexit
167 bogus-expected-to-fail
168 set +o nounset
169 set +o errexit
170}
171KUBE_JUNIT_REPORT_DIR=$(mktemp -d /tmp/record_command_canary.XXXXX) record_command record_command_canary
172if [[ -n "${foundError}" ]]; then
173 echo "FAILED TESTS: record_command_canary"
174 exit 1
175fi
176
177# Stops the running kubectl proxy, if there is one.
178function stop-proxy()
179{
180 [[ -n "${PROXY_PORT-}" ]] && kube::log::status "Stopping proxy on port ${PROXY_PORT}"
181 [[ -n "${PROXY_PID-}" ]] && kill -9 "${PROXY_PID}" 1>&2 2>/dev/null
182 [[ -n "${PROXY_PORT_FILE-}" ]] && rm -f "${PROXY_PORT_FILE}"
183 PROXY_PID=
184 PROXY_PORT=
185 PROXY_PORT_FILE=
186}
187
188# Starts "kubect proxy" to test the client proxy. $1: api_prefix
189function start-proxy()
190{
191 stop-proxy
192
193 PROXY_PORT_FILE=$(mktemp proxy-port.out.XXXXX)
194 kube::log::status "Starting kubectl proxy on random port; output file in ${PROXY_PORT_FILE}; args: ${1-}"
195
196
197 if [ $# -eq 0 ]; then
198 kubectl proxy --port=0 --www=. 1>"${PROXY_PORT_FILE}" 2>&1 &
199 else
200 kubectl proxy --port=0 --www=. --api-prefix="$1" 1>"${PROXY_PORT_FILE}" 2>&1 &
201 fi
202 PROXY_PID=$!
203 PROXY_PORT=
204
205 local attempts=0
206 while [[ -z ${PROXY_PORT} ]]; do
207 if (( attempts > 9 )); then
208 kill "${PROXY_PID}"
209 kube::log::error_exit "Couldn't start proxy. Failed to read port after ${attempts} tries. Got: $(cat "${PROXY_PORT_FILE}")"
210 fi
211 sleep .5
212 kube::log::status "Attempt ${attempts} to read ${PROXY_PORT_FILE}..."
213 PROXY_PORT=$(sed 's/.*Starting to serve on 127.0.0.1:\([0-9]*\)$/\1/'< "${PROXY_PORT_FILE}")
214 attempts=$((attempts+1))
215 done
216
217 kube::log::status "kubectl proxy running on port ${PROXY_PORT}"
218
219 # We try checking kubectl proxy 30 times with 1s delays to avoid occasional
220 # failures.
221 if [ $# -eq 0 ]; then
222 kube::util::wait_for_url "http://127.0.0.1:${PROXY_PORT}/healthz" "kubectl proxy"
223 else
224 kube::util::wait_for_url "http://127.0.0.1:${PROXY_PORT}/$1/healthz" "kubectl proxy --api-prefix=$1"
225 fi
226}
227
228function cleanup()
229{
230 stop-proxy
231 [[ -n "${CTLRMGR_PID-}" ]] && kill -9 "${CTLRMGR_PID}" 1>&2 2>/dev/null
232 [[ -n "${KUBELET_PID-}" ]] && kill -9 "${KUBELET_PID}" 1>&2 2>/dev/null
233 [[ -n "${APISERVER_PID-}" ]] && kill -9 "${APISERVER_PID}" 1>&2 2>/dev/null
234
235 kube::etcd::cleanup
236 rm -rf "${KUBE_TEMP}"
237
238 local junit_dir="${KUBE_JUNIT_REPORT_DIR:-/tmp/junit-results}"
239 echo "junit report dir:" "${junit_dir}"
240
241 kube::log::status "Clean up complete"
242}
243
244# Executes curl against the proxy. $1 is the path to use, $2 is the desired
245# return code. Prints a helpful message on failure.
246function check-curl-proxy-code()
247{
248 local status
249 local -r address=$1
250 local -r desired=$2
251 local -r full_address="${PROXY_HOST}:${PROXY_PORT}${address}"
252 status=$(curl -w "%{http_code}" --silent --output /dev/null "${full_address}")
253 if [ "${status}" == "${desired}" ]; then
254 return 0
255 fi
256 echo "For address ${full_address}, got ${status} but wanted ${desired}"
257 return 1
258}
259
260# TODO: Remove this function when we do the retry inside the kubectl commands. See #15333.
261function kubectl-with-retry()
262{
263 ERROR_FILE="${KUBE_TEMP}/kubectl-error"
264 preserve_err_file=${PRESERVE_ERR_FILE:-false}
265 for count in {0..3}; do
266 kubectl "$@" 2> "${ERROR_FILE}" || true
267 if grep -q "the object has been modified" "${ERROR_FILE}"; then
268 kube::log::status "retry $1, error: $(cat "${ERROR_FILE}")"
269 rm "${ERROR_FILE}"
270 sleep $((2**count))
271 else
272 if [ "$preserve_err_file" != true ] ; then
273 rm "${ERROR_FILE}"
274 fi
275 break
276 fi
277 done
278}
279
280# Waits for the pods with the given label to match the list of names. Don't call
281# this function unless you know the exact pod names, or expect no pods.
282# $1: label to match
283# $2: list of pod names sorted by name
284# Example invocation:
285# wait-for-pods-with-label "app=foo" "nginx-0nginx-1"
286function wait-for-pods-with-label()
287{
288 local i
289 for i in $(seq 1 10); do
290 kubeout=$(kubectl get po -l "$1" --output=go-template --template='{{range.items}}{{.metadata.name}}{{end}}' --sort-by metadata.name "${kube_flags[@]}")
291 if [[ $kubeout = "$2" ]]; then
292 return
293 fi
294 echo Waiting for pods: "$2", found "$kubeout"
295 sleep "$i"
296 done
297 kube::log::error_exit "Timeout waiting for pods with label $1"
298}
299
300# Code to be run before running the tests.
301setup() {
302 kube::util::trap_add cleanup EXIT SIGINT
303 kube::util::ensure-temp-dir
304 # ensure ~/.kube/config isn't loaded by tests
305 HOME="${KUBE_TEMP}"
306
307 kube::etcd::start
308
309 # Find a standard sed instance for use with edit scripts
310 kube::util::ensure-gnu-sed
311
312 kube::log::status "Building kubectl"
313 make -C "${KUBE_ROOT}" WHAT="cmd/kubectl cmd/kubectl-convert"
314
315 # Check kubectl
316 kube::log::status "Running kubectl with no options"
317 "${THIS_PLATFORM_BIN}/kubectl"
318
319 # TODO: we need to note down the current default namespace and set back to this
320 # namespace after the tests are done.
321 CONTEXT="test"
322 kubectl config set-credentials test-admin --token admin-token
323 kubectl config set-cluster local --insecure-skip-tls-verify --server "https://127.0.0.1:${SECURE_API_PORT}"
324 kubectl config set-context "${CONTEXT}" --user test-admin --cluster local
325 kubectl config use-context "${CONTEXT}"
326 kubectl config view
327
328 kube::log::status "Setup complete"
329}
330
331# Generate a random namespace name, based on the current time (to make
332# debugging slightly easier) and a random number. Don't use `date +%N`
333# because that doesn't work on OSX.
334create_and_use_new_namespace() {
335 local ns_name
336 ns_name="namespace-$(date +%s)-${RANDOM}"
337 kube::log::status "Creating namespace ${ns_name}"
338 kubectl create namespace "${ns_name}"
339 kubectl config set-context "${CONTEXT}" --namespace="${ns_name}"
340}
341
342# Runs all kubectl tests.
343# Requires an env var SUPPORTED_RESOURCES which is a comma separated list of
344# resources for which tests should be run.
345runTests() {
346 foundError=""
347
348 if [ -z "${SUPPORTED_RESOURCES:-}" ]; then
349 echo "Need to set SUPPORTED_RESOURCES env var. It is a list of resources that are supported and hence should be tested. Set it to (*) to test all resources"
350 exit 1
351 fi
352 kube::log::status "Checking kubectl version"
353 kubectl version
354
355 kube_flags=( '-s' "https://127.0.0.1:${SECURE_API_PORT}" '--insecure-skip-tls-verify' )
356
357 kube_flags_without_token=( "${kube_flags[@]}" )
358
359 # token defined in hack/testdata/auth-tokens.csv
360 kube_flags_with_token=( "${kube_flags_without_token[@]}" '--token=admin-token' )
361
362 if [[ -z "${ALLOW_SKEW:-}" ]]; then
363 kube_flags+=('--match-server-version')
364 kube_flags_with_token+=('--match-server-version')
365 fi
366 if kube::test::if_supports_resource "${nodes}" ; then
367 [ "$(kubectl get nodes -o go-template='{{ .apiVersion }}' "${kube_flags[@]}")" == "v1" ]
368 fi
369
370 # Define helper variables for fields to prevent typos.
371 # They will be used in some other files under test/cmd,
372 # Let's export them as https://github.com/koalaman/shellcheck/wiki/SC2034 suggested.
373 export id_field=".metadata.name"
374 export labels_field=".metadata.labels"
375 export annotations_field=".metadata.annotations"
376 export service_selector_field=".spec.selector"
377 export rc_replicas_field=".spec.replicas"
378 export rc_status_replicas_field=".status.replicas"
379 export rc_container_image_field=".spec.template.spec.containers"
380 export rs_replicas_field=".spec.replicas"
381 export port_field="(index .spec.ports 0).port"
382 export port_name="(index .spec.ports 0).name"
383 export second_port_field="(index .spec.ports 1).port"
384 export second_port_name="(index .spec.ports 1).name"
385 export image_field="(index .spec.containers 0).image"
386 export pod_container_name_field="(index .spec.containers 0).name"
387 export container_name_field="(index .spec.template.spec.containers 0).name"
388 export hpa_min_field=".spec.minReplicas"
389 export hpa_max_field=".spec.maxReplicas"
390 export hpa_cpu_field="(index .spec.metrics 0).resource.target.averageUtilization"
391 export template_labels=".spec.template.metadata.labels.name"
392 export statefulset_replicas_field=".spec.replicas"
393 export statefulset_observed_generation=".status.observedGeneration"
394 export job_parallelism_field=".spec.parallelism"
395 export deployment_replicas=".spec.replicas"
396 export secret_data=".data"
397 export secret_type=".type"
398 export change_cause_annotation='.*kubernetes.io/change-cause.*'
399 export pdb_min_available=".spec.minAvailable"
400 export pdb_max_unavailable=".spec.maxUnavailable"
401 export generation_field=".metadata.generation"
402 export container_len="(len .spec.template.spec.containers)"
403 export image_field0="(index .spec.template.spec.containers 0).image"
404 export image_field1="(index .spec.template.spec.containers 1).image"
405
406 # Make sure "default" namespace exists.
407 if kube::test::if_supports_resource "${namespaces}" ; then
408 output_message=$(kubectl get "${kube_flags[@]}" namespaces)
409 if ! grep -q "default" <<< "${output_message}"; then
410 # Create default namespace
411 kubectl create "${kube_flags[@]}" ns default
412 fi
413 fi
414
415 # Make sure "kubernetes" service exists.
416 if kube::test::if_supports_resource "${services}" ; then
417 # Attempt to create the kubernetes service, tolerating failure (since it might already exist)
418 kubectl create "${kube_flags[@]}" -f hack/testdata/kubernetes-service.yaml || true
419 # Require the service to exist (either we created it or the API server did)
420 kubectl get "${kube_flags[@]}" -f hack/testdata/kubernetes-service.yaml
421 fi
422
423 cleanup_tests(){
424 kube::test::clear_all
425 if [[ -n "${foundError}" ]]; then
426 echo "FAILED TESTS: ""${foundError}"
427 exit 1
428 fi
429 }
430
431 if [[ -n "${WHAT-}" ]]; then
432 for pkg in ${WHAT}
433 do
434 # running of kubeadm is captured in hack/make-targets/test-cmd.sh
435 if [[ "${pkg}" != "kubeadm" ]]; then
436 record_command "run_${pkg}_tests"
437 fi
438 done
439 cleanup_tests
440 return
441 fi
442
443 #########################
444 # Kubectl version #
445 #########################
446
447 record_command run_kubectl_version_tests
448
449 ############################
450 # Kubectl result reporting #
451 ############################
452
453 record_command run_kubectl_results_tests
454
455 #######################
456 # kubectl config set #
457 #######################
458
459 record_command run_kubectl_config_set_tests
460
461 ##############################
462 # kubectl config set-cluster #
463 ##############################
464
465 record_command run_kubectl_config_set_cluster_tests
466
467 ##################################
468 # kubectl config set-credentials #
469 ##################################
470
471 record_command run_kubectl_config_set_credentials_tests
472
473 #######################
474 # kubectl local proxy #
475 #######################
476
477 record_command run_kubectl_local_proxy_tests
478
479 #########################
480 # RESTMapper evaluation #
481 #########################
482
483 record_command run_RESTMapper_evaluation_tests
484
485 # find all resources
486 kubectl "${kube_flags[@]}" api-resources
487 # find all namespaced resources that support list by name and get them
488 kubectl "${kube_flags[@]}" api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl "${kube_flags[@]}" get -o name
489
490 ################
491 # Cluster Role #
492 ################
493
494 if kube::test::if_supports_resource "${clusterroles}" ; then
495 record_command run_clusterroles_tests
496 fi
497
498 ########
499 # Role #
500 ########
501 if kube::test::if_supports_resource "${roles}" ; then
502 record_command run_role_tests
503 fi
504
505 #########################
506 # Assert short name #
507 #########################
508
509 if kube::test::if_supports_resource "${customresourcedefinitions}" && kube::test::if_supports_resource "${pods}" && kube::test::if_supports_resource "${configmaps}" ; then
510 record_command run_assert_short_name_tests
511 fi
512
513 #########################
514 # Assert singular name #
515 #########################
516
517 if kube::test::if_supports_resource "${customresourcedefinitions}" && kube::test::if_supports_resource "${pods}" ; then
518 record_command run_assert_singular_name_tests
519 fi
520
521 #########################
522 # Ambiguous short name #
523 #########################
524
525 if kube::test::if_supports_resource "${customresourcedefinitions}" ; then
526 record_command run_ambiguous_shortname_tests
527 fi
528
529 #########################
530 # Assert categories #
531 #########################
532
533 ## test if a category is exported during discovery
534 if kube::test::if_supports_resource "${pods}" ; then
535 record_command run_assert_categories_tests
536 fi
537
538 ###########################
539 # POD creation / deletion #
540 ###########################
541
542 if kube::test::if_supports_resource "${pods}" ; then
543 record_command run_pod_tests
544 fi
545
546 if kube::test::if_supports_resource "${pods}" ; then
547 record_command run_save_config_tests
548 fi
549
550 if kube::test::if_supports_resource "${pods}" ; then
551 record_command run_kubectl_create_error_tests
552 fi
553
554 if kube::test::if_supports_resource "${pods}" ; then
555 record_command run_kubectl_apply_tests
556 record_command run_kubectl_server_side_apply_tests
557 record_command run_kubectl_run_tests
558 record_command run_kubectl_create_filter_tests
559 fi
560
561 if kube::test::if_supports_resource "${deployments}" ; then
562 record_command run_kubectl_apply_deployments_tests
563 fi
564
565 ################
566 # Kubectl diff #
567 ################
568 record_command run_kubectl_diff_tests
569 record_command run_kubectl_diff_same_names
570
571 ###############
572 # Kubectl get #
573 ###############
574
575 if kube::test::if_supports_resource "${pods}" ; then
576 record_command run_kubectl_get_tests
577 fi
578
579 ################
580 # Kubectl help #
581 ################
582
583 record_command run_kubectl_help_tests
584
585 ##################
586 # Kubectl events #
587 ##################
588
589 if kube::test::if_supports_resource "${cronjob}" ; then
590 record_command run_kubectl_events_tests
591 fi
592
593 ################
594 # Kubectl exec #
595 ################
596
597 if kube::test::if_supports_resource "${pods}"; then
598 record_command run_kubectl_exec_pod_tests
599 if kube::test::if_supports_resource "${replicasets}" && kube::test::if_supports_resource "${configmaps}"; then
600 record_command run_kubectl_exec_resource_name_tests
601 fi
602 fi
603
604 ######################
605 # Create #
606 ######################
607 if kube::test::if_supports_resource "${secrets}" ; then
608 record_command run_create_secret_tests
609 fi
610 if kube::test::if_supports_resource "${deployments}"; then
611 record_command run_kubectl_create_kustomization_directory_tests
612 record_command run_kubectl_create_validate_tests
613 fi
614
615 ######################
616 # Convert #
617 ######################
618 if kube::test::if_supports_resource "${deployments}"; then
619 record_command run_convert_tests
620 fi
621
622 ######################
623 # Delete #
624 ######################
625 if kube::test::if_supports_resource "${configmaps}" ; then
626 record_command run_kubectl_delete_allnamespaces_tests
627 fi
628
629 ######################
630 # Delete --interactive #
631 ######################
632 if kube::test::if_supports_resource "${configmaps}" ; then
633 record_command run_kubectl_delete_interactive_tests
634 fi
635
636 ##################
637 # Global timeout #
638 ##################
639
640 if kube::test::if_supports_resource "${pods}" ; then
641 record_command run_kubectl_request_timeout_tests
642 fi
643
644 #####################################
645 # CustomResourceDefinitions #
646 #####################################
647
648 # customresourcedefinitions cleanup after themselves.
649 if kube::test::if_supports_resource "${customresourcedefinitions}" ; then
650 record_command run_crd_tests
651 fi
652
653 #####################################
654 # Recursive Resources via directory #
655 #####################################
656
657 if kube::test::if_supports_resource "${pods}" ; then
658 record_command run_recursive_resources_tests
659 fi
660
661
662 ##############
663 # Namespaces #
664 ##############
665 if kube::test::if_supports_resource "${namespaces}" ; then
666 record_command run_namespace_tests
667 fi
668
669
670 ###########
671 # Secrets #
672 ###########
673 if kube::test::if_supports_resource "${namespaces}" ; then
674 if kube::test::if_supports_resource "${secrets}" ; then
675 record_command run_secrets_test
676 fi
677 fi
678
679
680 ######################
681 # ConfigMap #
682 ######################
683
684 if kube::test::if_supports_resource "${namespaces}"; then
685 if kube::test::if_supports_resource "${configmaps}" ; then
686 record_command run_configmap_tests
687 fi
688 fi
689
690 ####################
691 # Client Config #
692 ####################
693
694 record_command run_client_config_tests
695
696 ####################
697 # Service Accounts #
698 ####################
699
700 if kube::test::if_supports_resource "${namespaces}" && kube::test::if_supports_resource "${serviceaccounts}" ; then
701 record_command run_service_accounts_tests
702 fi
703
704 ####################
705 # Job #
706 ####################
707
708 if kube::test::if_supports_resource "${job}" ; then
709 record_command run_job_tests
710 record_command run_create_job_tests
711 fi
712
713 #################
714 # Pod templates #
715 #################
716
717 if kube::test::if_supports_resource "${podtemplates}" ; then
718 record_command run_pod_templates_tests
719 fi
720
721 ############
722 # Services #
723 ############
724
725 if kube::test::if_supports_resource "${services}" ; then
726 record_command run_service_tests
727 fi
728
729 ##################
730 # DaemonSets #
731 ##################
732
733 if kube::test::if_supports_resource "${daemonsets}" ; then
734 record_command run_daemonset_tests
735 if kube::test::if_supports_resource "${controllerrevisions}"; then
736 record_command run_daemonset_history_tests
737 fi
738 fi
739
740 ###########################
741 # Replication controllers #
742 ###########################
743
744 if kube::test::if_supports_resource "${namespaces}" ; then
745 if kube::test::if_supports_resource "${replicationcontrollers}" ; then
746 record_command run_rc_tests
747 fi
748 fi
749
750 ######################
751 # Deployments #
752 ######################
753
754 if kube::test::if_supports_resource "${deployments}" ; then
755 record_command run_deployment_tests
756 fi
757
758 ######################
759 # Replica Sets #
760 ######################
761
762 if kube::test::if_supports_resource "${replicasets}" ; then
763 record_command run_rs_tests
764 fi
765
766 #################
767 # Stateful Sets #
768 #################
769
770 if kube::test::if_supports_resource "${statefulsets}" ; then
771 record_command run_stateful_set_tests
772 if kube::test::if_supports_resource "${controllerrevisions}"; then
773 record_command run_statefulset_history_tests
774 fi
775 fi
776
777 ######################
778 # Lists #
779 ######################
780
781 if kube::test::if_supports_resource "${services}" ; then
782 if kube::test::if_supports_resource "${deployments}" ; then
783 record_command run_lists_tests
784 fi
785 fi
786
787
788 ######################
789 # Multiple Resources #
790 ######################
791 if kube::test::if_supports_resource "${services}" ; then
792 if kube::test::if_supports_resource "${replicationcontrollers}" ; then
793 record_command run_multi_resources_tests
794 fi
795 fi
796
797 ######################
798 # Persistent Volumes #
799 ######################
800
801 if kube::test::if_supports_resource "${persistentvolumes}" ; then
802 record_command run_persistent_volumes_tests
803 fi
804
805 ############################
806 # Persistent Volume Claims #
807 ############################
808
809 if kube::test::if_supports_resource "${persistentvolumeclaims}" ; then
810 record_command run_persistent_volume_claims_tests
811 fi
812
813 ############################
814 # Storage Classes #
815 ############################
816
817 if kube::test::if_supports_resource "${storageclass}" ; then
818 record_command run_storage_class_tests
819 fi
820
821 #########
822 # Nodes #
823 #########
824
825 if kube::test::if_supports_resource "${nodes}" ; then
826 record_command run_nodes_tests
827 fi
828
829 ########################
830 # Authentication
831 ########################
832
833 record_command run_exec_credentials_tests
834 record_command run_exec_credentials_interactive_tests
835
836 if kube::test::if_supports_resource "${selfsubjectreviews}" ; then
837 record_command run_kubectl_auth_whoami_tests
838 fi
839
840 ########################
841 # authorization.k8s.io #
842 ########################
843
844 if kube::test::if_supports_resource "${subjectaccessreviews}" ; then
845 record_command run_authorization_tests
846 fi
847
848 # kubectl auth can-i
849 # kube-apiserver is started with authorization mode AlwaysAllow, so kubectl can-i always returns yes
850 if kube::test::if_supports_resource "${subjectaccessreviews}" ; then
851 output_message=$(kubectl auth can-i '*' '*' 2>&1 "${kube_flags[@]}")
852 kube::test::if_has_string "${output_message}" "yes"
853
854 output_message=$(kubectl auth can-i get pods --subresource=log 2>&1 "${kube_flags[@]}")
855 kube::test::if_has_string "${output_message}" "yes"
856
857 output_message=$(kubectl auth can-i get invalid_resource 2>&1 "${kube_flags[@]}")
858 kube::test::if_has_string "${output_message}" "the server doesn't have a resource type"
859
860 output_message=$(kubectl auth can-i get /logs/ 2>&1 "${kube_flags[@]}")
861 kube::test::if_has_string "${output_message}" "yes"
862
863 output_message=$(! kubectl auth can-i get /logs/ --subresource=log 2>&1 "${kube_flags[@]}")
864 kube::test::if_has_string "${output_message}" "subresource can not be used with NonResourceURL"
865
866 output_message=$(kubectl auth can-i list jobs.batch/bar -n foo --quiet 2>&1 "${kube_flags[@]}")
867 kube::test::if_empty_string "${output_message}"
868
869 output_message=$(kubectl auth can-i get pods --subresource=log 2>&1 "${kube_flags[@]}"; echo $?)
870 kube::test::if_has_string "${output_message}" '0'
871
872 output_message=$(kubectl auth can-i get pods --subresource=log --quiet 2>&1 "${kube_flags[@]}"; echo $?)
873 kube::test::if_has_string "${output_message}" '0'
874
875 # kubectl auth can-i get '*' does not warn about namespaced scope or print an error
876 output_message=$(kubectl auth can-i get '*' 2>&1 "${kube_flags[@]}")
877 kube::test::if_has_not_string "${output_message}" "Warning"
878
879 # kubectl auth can-i get foo does not print a namespaced warning message, and only prints a single lookup error
880 output_message=$(kubectl auth can-i get foo 2>&1 "${kube_flags[@]}")
881 kube::test::if_has_string "${output_message}" "Warning: the server doesn't have a resource type 'foo'"
882 kube::test::if_has_not_string "${output_message}" "Warning: resource 'foo' is not namespace scoped"
883
884 # kubectl auth can-i get pods does not print a namespaced warning message or a lookup error
885 output_message=$(kubectl auth can-i get pods 2>&1 "${kube_flags[@]}")
886 kube::test::if_has_not_string "${output_message}" "Warning"
887
888 # kubectl auth can-i get nodes prints a namespaced warning message
889 output_message=$(kubectl auth can-i get nodes 2>&1 "${kube_flags[@]}")
890 kube::test::if_has_string "${output_message}" "Warning: resource 'nodes' is not namespace scoped"
891
892 # kubectl auth can-i get nodes --all-namespaces does not print a namespaced warning message
893 output_message=$(kubectl auth can-i get nodes --all-namespaces 2>&1 "${kube_flags[@]}")
894 kube::test::if_has_not_string "${output_message}" "Warning: resource 'nodes' is not namespace scoped"
895 fi
896
897 # kubectl auth reconcile
898 if kube::test::if_supports_resource "${clusterroles}" ; then
899 # dry-run command
900 kubectl auth reconcile --dry-run=client "${kube_flags[@]}" -f test/fixtures/pkg/kubectl/cmd/auth/rbac-resource-plus.yaml
901 kube::test::get_object_assert 'rolebindings -n some-other-random -l test-cmd=auth' "{{range.items}}{{$id_field}}:{{end}}" ''
902 kube::test::get_object_assert 'roles -n some-other-random -l test-cmd=auth' "{{range.items}}{{$id_field}}:{{end}}" ''
903 kube::test::get_object_assert 'clusterrolebindings -l test-cmd=auth' "{{range.items}}{{$id_field}}:{{end}}" ''
904 kube::test::get_object_assert 'clusterroles -l test-cmd=auth' "{{range.items}}{{$id_field}}:{{end}}" ''
905
906 # command
907 kubectl auth reconcile "${kube_flags[@]}" -f test/fixtures/pkg/kubectl/cmd/auth/rbac-resource-plus.yaml
908 kube::test::get_object_assert 'rolebindings -n some-other-random -l test-cmd=auth' "{{range.items}}{{$id_field}}:{{end}}" 'testing-RB:'
909 kube::test::get_object_assert 'roles -n some-other-random -l test-cmd=auth' "{{range.items}}{{$id_field}}:{{end}}" 'testing-R:'
910 kube::test::get_object_assert 'clusterrolebindings -l test-cmd=auth' "{{range.items}}{{$id_field}}:{{end}}" 'testing-CRB:'
911 kube::test::get_object_assert 'clusterroles -l test-cmd=auth' "{{range.items}}{{$id_field}}:{{end}}" 'testing-CR:'
912
913 failure_message=$(! kubectl auth reconcile "${kube_flags[@]}" -f test/fixtures/pkg/kubectl/cmd/auth/rbac-v1beta1.yaml 2>&1 )
914 kube::test::if_has_string "${failure_message}" 'only rbac.authorization.k8s.io/v1 is supported'
915
916 kubectl delete "${kube_flags[@]}" rolebindings,role,clusterroles,clusterrolebindings -n some-other-random -l test-cmd=auth
917 fi
918
919
920
921 #####################
922 # Retrieve multiple #
923 #####################
924
925 if kube::test::if_supports_resource "${nodes}" ; then
926 if kube::test::if_supports_resource "${services}" ; then
927 record_command run_retrieve_multiple_tests
928 fi
929 fi
930
931
932 #####################
933 # Resource aliasing #
934 #####################
935
936 if kube::test::if_supports_resource "${services}" ; then
937 if kube::test::if_supports_resource "${replicationcontrollers}" ; then
938 record_command run_resource_aliasing_tests
939 fi
940 fi
941
942 ###########
943 # Explain #
944 ###########
945
946 if kube::test::if_supports_resource "${pods}" ; then
947 record_command run_kubectl_explain_tests
948 fi
949
950 ##############################
951 # CRD Deletion / Re-creation #
952 ##############################
953
954 if kube::test::if_supports_resource "${namespaces}" ; then
955 record_command run_crd_deletion_recreation_tests
956 fi
957
958 ###########
959 # Swagger #
960 ###########
961
962 record_command run_swagger_tests
963
964 #####################
965 # Kubectl --sort-by #
966 #####################
967
968 if kube::test::if_supports_resource "${pods}" ; then
969 record_command run_kubectl_sort_by_tests
970 fi
971
972 ############################
973 # Kubectl --all-namespaces #
974 ############################
975
976 if kube::test::if_supports_resource "${pods}" ; then
977 if kube::test::if_supports_resource "${nodes}" ; then
978 record_command run_kubectl_all_namespace_tests
979 fi
980 fi
981
982 ############################
983 # Kubectl deprecated APIs #
984 ############################
985
986 if kube::test::if_supports_resource "${customresourcedefinitions}" ; then
987 record_command run_deprecated_api_tests
988 fi
989
990
991 ######################
992 # kubectl --template #
993 ######################
994
995 if kube::test::if_supports_resource "${pods}" ; then
996 record_command run_template_output_tests
997 fi
998
999 ################
1000 # Certificates #
1001 ################
1002
1003 if kube::test::if_supports_resource "${csr}" ; then
1004 record_command run_certificates_tests
1005 fi
1006
1007 ######################
1008 # Cluster Management #
1009 ######################
1010 if kube::test::if_supports_resource "${nodes}" ; then
1011 record_command run_cluster_management_tests
1012 fi
1013
1014 ###########
1015 # Plugins #
1016 ###########
1017
1018 record_command run_plugins_tests
1019
1020
1021 #################
1022 # Impersonation #
1023 #################
1024 record_command run_impersonation_tests
1025
1026 ####################
1027 # kubectl wait #
1028 ####################
1029
1030 record_command run_wait_tests
1031
1032 ####################
1033 # kubectl debug #
1034 ####################
1035 if kube::test::if_supports_resource "${pods}" ; then
1036 record_command run_kubectl_debug_pod_tests
1037 record_command run_kubectl_debug_general_tests
1038 record_command run_kubectl_debug_baseline_tests
1039 record_command run_kubectl_debug_restricted_tests
1040 record_command run_kubectl_debug_netadmin_tests
1041 fi
1042 if kube::test::if_supports_resource "${nodes}" ; then
1043 record_command run_kubectl_debug_node_tests
1044 record_command run_kubectl_debug_general_node_tests
1045 record_command run_kubectl_debug_baseline_node_tests
1046 record_command run_kubectl_debug_restricted_node_tests
1047 record_command run_kubectl_debug_netadmin_node_tests
1048 fi
1049
1050 cleanup_tests
1051}
View as plain text